A critical vulnerability (CVE-2026-46817) in Oracle E-Business Suite is under active exploitation in the wild. Approximately 900–950 internet-facing EBS instances have been identified globally, with DefusedCyber observing real-world attack attempts. The flaw enables remote code execution and affects systems handling sensitive financial, HR, and operational data. Attackers appear to have reverse-engineered Oracle's patch before public disclosure.
Oracle Health
Oracle Health (formerly Cerner) EHR and revenue-cycle suite for hospitals and clinics.
Recent threats
Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62 contain a critical remote code execution vulnerability (CVE-2026-35273) in the Updates Environment Management component. The vulnerability allows unauthenticated remote attackers to execute arbitrary code via HTTP. Exploitation is actively occurring in the wild; immediate patching is required.
- Remote Code Execution Vulnerability in Oracle PeopleSoft Enterpr(opens in a new tab)
- Censys Highlights Critical Oracle PeopleSoft Vulnerability and E(opens in a new tab)
- Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploi(opens in a new tab)
- Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by Sh(opens in a new tab)
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day CVE-2026-35273 (opens in a new tab)
- ShinyHunters extortion gang targets global universities through (opens in a new tab)
ShinyHunters claimed breach of Oracle PeopleSoft servers at over 100 organizations including universities, exfiltrating student records, financial aid data, and administrative information. The group exploited a vulnerability in PeopleSoft to achieve mass compromise; attackers obtained personal data including home addresses, phone numbers, emails, and dates of birth from educational institutions.
- Cybercriminals claim breach of Oracle PeopleSoft servers at 100-(opens in a new tab)
- Hackers say they breached Oracle PeopleSoft systems used by more(opens in a new tab)
- Oracle Emergency Security Update to Fix Critical RCE Vulnerabili(opens in a new tab)
- Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-D(opens in a new tab)
- Oracle warns of security bug that hackers abused to breach 100+ (opens in a new tab)
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273(opens in a new tab)
CVE-2026-46839, a critical vulnerability in Oracle REST Data Services (ORDS) Core component, allows low-privileged authenticated attackers to execute arbitrary code and gain full system control via path traversal. Affects versions 24.2.0–26.1.0 with CVSS 9.9. Oracle released a patch in May 2026; exploitation complexity is low and no public PoC exists as of early June 2026, but technical details suggest rapid weaponization is likely.
CISA added CVE-2024-21182, a critical Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog on June 1, 2026, after confirming active exploitation in the wild. The flaw allows unauthenticated attackers to gain unauthorized access via T3 and IIOP protocols. CISA ordered federal agencies to patch by June 4, 2026, and strongly recommends organizations apply mitigations immediately to prevent compromise of WebLogic-dependent services including potential Oracle Health infrastructure.
- CISA Issues Alert on Oracle WebLogic Server Flaw Under Active Ex(opens in a new tab)
- U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulne(opens in a new tab)
- Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active(opens in a new tab)
- CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively (opens in a new tab)
- CISA warns of Oracle WebLogic vulnerability exploitation(opens in a new tab)
- Oracle WebLogic CVE-2024-21182 Added to KEV(opens in a new tab)